CVE-2016-1307

MEDIUM

Cisco Finesse Desktop <11.0.1 - Auth Bypass

Title source: llm

Description

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.

References (3)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034920

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034921

Scores

CVSS v3 5.4

EPSS 0.0016

EPSS Percentile 36.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-287 CWE-255

Status draft

Affected Products (2)

zyxel/gs1900-10hp_firmware < 2.50\(aazi.0\)c0

zzinc/keymouse_firmware

Timeline

Published Feb 07, 2016

Tracked Since Feb 18, 2026